1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Millions of embedded devices use the same hard-coded SSH and TLS private keys

Discussion in 'Network World' started by RSS, Nov 26, 2015.

  1. RSS

    RSS New Member Member

    Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH (Secure Shell) host keys or HTTPS (HTTP Secure) server certificates, a study found.

    By extracting those keys, hackers can potentially launch man-in-the-middle attacks to intercept and decrypt traffic between users and millions of devices.

    Researchers from security firm SEC Consult analyzed firmware images for over 4,000 models of embedded devices from more than 70 manufacturers. In them they found over 580 unique private keys for SSH and HTTPS, many of them shared between multiple devices from the same vendor or even from different ones.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page